<!--
	o This page will contain the information required to create a new account
	o Will link to the payment server and confirm payment and account creation
	o Will ask for security questions to be used for certain functionalities.
-->

<h1>Registration Page</h1>
<?php

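// Registration flow, driven by which POST fields are present:
//   1. no valid usertype           -> show the account-type chooser
//   2. usertype but no 'save' flag -> show the registration form
//   3. 'save' present              -> validate, then insert the account rows
$success = false;
include('connect.php');

// Accept only the two account types the chooser form offers. A missing,
// non-string or tampered value falls back to the chooser, so $usertype is
// always one of these constants by the time it is echoed into the page.
$allowedTypes = array('REGUSER', 'BUSAGENT');
$usertype = null;
if(isset($_POST['usertype']) && in_array($_POST['usertype'], $allowedTypes, true))
	$usertype = $_POST['usertype'];

if($usertype === null)
{
echo <<<_END
	<h2>User Type</h2>
	<form action="?page=registration" method="post">
	<input type="hidden" name="usertype" value="REGUSER"/>
	<input type="submit" value="REGUSER"/>
	</form>
	<form action="?page=registration" method="post">
	<input type="hidden" name="usertype" value="BUSAGENT"/>
	<input type="submit" value="BUSAGENT"/>
	</form>
_END;
}
elseif(!isset($_POST['save']))
{
echo <<<_END
	<h2>$usertype</h2>
	<h3>USER</h3>
	<form action="?page=registration" method="post"> 
	<table border=2 width=100>
		<tr><th>USERNAME</th><th><input type="text" name='USERNAME'/></th></tr>
		<tr><th>NAME</th><th><input type="text" name='NAME'/></th></tr>
		<tr><th>PASSWORD</th><th><input type="password" name='PASSWORD'/></th></tr>
		<tr><th>CONFIRM PASSWORD</th><th><input type="password" name='CONFPASSWORD'/></th></tr>
_END;
		echo "<tr><th>SECURITY QUESTION 1</th><th>" . securitylist('SQ1') . "</th></tr>";
		echo "<tr><th>ANSWER</th><th><input type='text' name='SA1'/></th></tr>";
		echo "<tr><th>SECURITY QUESTION 2</th><th>" . securitylist('SQ2') . "</th></tr>";
echo <<<_END
		<tr><th>ANSWER</th><th><input type="text" name='SA2'/></th></tr>
		<tr><th>EMAIL ADDRESS</th><th><input type="text" name='EMAIL_ADDRESS'/></th></tr>
		<tr><th>CREDIT CARD</th><th><input type="text" name='CREDIT_CARD'/></th></tr>
		<tr><th>OCCUPATION</th><th><input type="text" name='OCCUPATION'/></th></tr>

		<tr> <th></th> <th></th> </tr>
		<tr> <th><b><u>ADDRESS</u></b></th> <th></th> </tr>
		<tr> <th>LINE1</th><th><input type="text" name="USR_LINE1" value=""></th> </tr>
		<tr> <th>LINE2</th><th><input type="text" name="USR_LINE2" value=""></th> </tr>
		<tr> <th>CITY</th><th><input type="text" name="USR_CITY" value=""></th> </tr>
		<tr> <th>PROVINCE</th><th><input type="text" name="USR_PROVINCE" value=""></th> </tr>
		<tr> <th>COUNTRY</th><th><input type="text" name="USR_COUNTRY" value=""></th> </tr>
		<tr> <th>POSTAL_CODE</th><th><input type="text" name="USR_POSTAL_CODE" value=""></th> </tr>
		<tr> <th></th> <th></th> </tr>
		<tr><th>EMPLOYER ADDRESS</th><th><TEXTAREA NAME='EMPLOYER_ADDRESS' ROWS=4 COLS=40></TEXTAREA></th></tr>
		<tr><th>EMPLOYER</th><th><input type="text" name='EMPLOYER'/></th></tr>
		<tr><th>MOBILE PHONE</th><th><input type="text" name='MOBILE_PHONE'/></th></tr>
		<tr><th>LOCAL PHONE</th><th><input type="text" name='LOCAL_PHONE'/></th></tr>
	</table>
_END;
	if($usertype === 'BUSAGENT')
	{
		// One row of each table is fetched and handed to printTable() together
		// with $swaps; printTable() is defined outside this file.
		$business = mysql_query("SELECT * FROM OTHER_PARTIES LIMIT 1;");
		$address = mysql_query("SELECT * FROM ADDRESS LIMIT 1;");
		$swaps = array(	'USRID'		=>	'SKIP',
				'ADRID' 	=>	'SKIP',
				'OPEID'		=>	'SKIP',
				'DEFAULT'	=>	'<input type="text" name="KEYMARKER"/>');
		echo '		<h3>COMPANY</h3>';
		printTable($business, $swaps);
		echo '<h3>COMPANY ADDRESS</h3>';
		printTable($address, $swaps);
	}
echo <<<_END
	<input type="hidden" name="usertype" value="$usertype"/>
	<input type="hidden" name="save" value="yes"/>
	<br />
	<input type="submit" value="Save"/>
	</form>
_END;
}
else if(gtpt('PASSWORD') === 'NULL')
{
	echo "Registration failed: Password cannot be blank! <br />"; 
}
// Strict comparison: with != two numeric-looking strings such as "1e3" and
// "1000" compare equal, so a mistyped confirmation could slip through.
else if(!isset($_POST['CONFPASSWORD']) || $_POST['PASSWORD'] !== $_POST['CONFPASSWORD'])
{
	echo "Registration failed: Passwords don't match! <br />"; 
}
else if(gtpt('SQ1') === gtpt('SQ2'))
{
	echo "Registration failed: Security questions cannot be the same! <br />";
}
// Either answer being blank makes the pair incomplete; requiring both to be
// blank would let an account through with a NULL answer.
else if(gtpt('SA1') === 'NULL' || gtpt('SA2') === 'NULL')
{
	echo "Registration failed: Answers to security questions incomplete! <br />";
}
else
{
	// gtpt() returns either a quoted SQL literal or the bare word NULL, and
	// those tokens are concatenated straight into the statements below, so
	// every query here is only as safe as the escaping gtpt() performs.
	//
	// NOTE(review): PASSWORD, the security answers and CREDIT_CARD are written
	// exactly as submitted. Hashing the password here would also require the
	// login check (not in this file) to change; confirm and migrate together,
	// and confirm whether the card number needs to be stored at all.
	// NOTE(review): USER_TYPE is always written as 'REGUSER', including for
	// BUSAGENT registrations; confirm this is intended.

	// First failing step, or null. Later inserts depend on the ids produced by
	// earlier ones, so nothing further runs once a step has failed.
	$dberror = null;
	$ADRID = 0;
	$USRID = 0;

	//USER ADDRESS
	$adrquery =
	"INSERT INTO ADDRESS (ADRID,LINE1,LINE2,CITY,PROVINCE,COUNTRY,POSTAL_CODE)
	VALUES(NULL,".gtpt('USR_LINE1').",".gtpt('USR_LINE2').",".gtpt('USR_CITY').",".gtpt('USR_PROVINCE').",".gtpt('USR_COUNTRY').",".gtpt('USR_POSTAL_CODE').");";
	if(mysql_query($adrquery))
		$ADRID = mysql_insert_id();
	else
		$dberror = 'ADDRESS insert: ' . mysql_error();

	//USER
	if($dberror === null)
	{
		$query =
		"INSERT INTO USERS (USERNAME,NAME,PASSWORD,EMAIL_ADDRESS,CREDIT_CARD,USER_TYPE,OCCUPATION,EMPLOYER_ADDRESS,
				   EMPLOYER,BLACKMARK,MOBILE_PHONE,LOCAL_PHONE,STATUS,REGISTRATION_DATE,EXPIRY_DATE,ADRID)
		VALUES
		(".gtpt('USERNAME').",".gtpt('NAME').",".gtpt('PASSWORD').",".gtpt('EMAIL_ADDRESS').",".gtpt('CREDIT_CARD').",'REGUSER',".gtpt('OCCUPATION').",".gtpt('EMPLOYER_ADDRESS').",".gtpt('EMPLOYER').",0,".gtpt('MOBILE_PHONE').",".gtpt('LOCAL_PHONE').",'A', CURDATE(),  DATE_ADD(CURDATE(), INTERVAL 1 YEAR),$ADRID);";
		if(mysql_query($query))
			$USRID = mysql_insert_id();
		else
			$dberror = 'USERS insert: ' . mysql_error();
	}

	if($dberror === null)
	{
		//COMPANY
		if($usertype === 'BUSAGENT')
		{
			// insertQuery() is defined outside this file and its result is not
			// checked here. The ids are placed in $_POST before the second call,
			// as the original flow did.
			$tables = array('ADDRESS');
			insertQuery($tables);
			$_POST['ADRID'] = mysql_insert_id();
			$_POST['USRID'] = $USRID;
			$tables = array('OTHER_PARTIES');
			insertQuery($tables);
		}
		else
		{
			// Regular users get an unpaid registration-fee transaction.
			$FEE_CODE = 'REGISTER';
			$transquery =
				"INSERT INTO TRANSACTIONS (TRANS_DATE,AMOUNT,USRID,FEE_CODE,PAID)
				VALUES	(CURDATE(), (SELECT AMOUNT FROM FEES WHERE FEE_CODE='$FEE_CODE'),$USRID,'$FEE_CODE','NO');";
			if(!mysql_query($transquery))
				$dberror = 'TRANSACTIONS insert: ' . mysql_error();
		}
	}

	// One USERS_SECURITY row per question/answer pair.
	$answerFields = array('SQ1' => 'SA1', 'SQ2' => 'SA2');
	foreach($answerFields as $questionField => $answerField)
	{
		if($dberror !== null)
			break;
		$seqquery =
			"INSERT INTO USERS_SECURITY (SECID, USRID, ANSWER)
			VALUES(" . gtpt($questionField) . "," . $USRID . "," . gtpt($answerField) . ")";
		if(!mysql_query($seqquery))
			$dberror = 'USERS_SECURITY insert: ' . mysql_error();
	}

	if($dberror !== null)
	{
		// The statement text carries the password and card number and is built
		// from raw form input, so it is neither printed nor logged; only the
		// driver message goes to the server log.
		error_log('Registration failed at ' . $dberror);
		echo "Registration failed: the account could not be created. <br />";
	}
	else echo 'Registration successful<br />';
}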

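/**
 * Turn one POST field into a token that can be concatenated into a SQL statement.
 *
 * @param string $var name of the POST field to read
 * @return string the trimmed value, escaped and wrapped in single quotes, or the
 *                bare word NULL when the field is missing, not a string, or blank
 */
function gtpt($var)
{
	// A missing field or an array-valued one (name[]=...) is treated as blank
	// instead of being passed to trim().
	if(!isset($_POST[$var]) || !is_string($_POST[$var]))
		return "NULL";

	$value = trim($_POST[$var]);
	if($value === '')
		return "NULL";

	// Callers splice this token directly into their queries, so quotes and
	// backslashes in the value must be escaped here or they end the literal.
	// mysql_real_escape_string() needs an open connection; presumably the one
	// connect.php sets up -- TODO confirm it is included before any call.
	return "'" . mysql_real_escape_string($value) . "'";
}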

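/**
 * Build a <select> element listing every security question.
 *
 * @param string $name value for the element's name attribute
 * @return string HTML for the drop-down; option values are 1, 2, 3... in the
 *                order the rows come back from the query
 */
function securitylist($name)
{
	// NOTE(review): the option value is the row position plus one, not a key
	// read from the table, and the query has no ORDER BY. The submitted value
	// is later stored as SECID, so this only lines up if the keys are 1..n and
	// the rows come back in key order -- confirm against the SECURITY table.
	$seqquery = "SELECT `QUESTION` FROM `SECURITY`;";
	$result = mysql_query($seqquery);
	if (!$result)
	{
		// Keep the driver message in the server log instead of the page.
		error_log("Database access failed: " . mysql_error());
		die ("Database access failed");
	}

	$rowCount = mysql_num_rows($result);
	$return = '<select name ="' . htmlspecialchars($name, ENT_QUOTES) . '">';
	for($i = 0; $i < $rowCount; ++$i)
	{
		// Question text comes from the database; encode it so markup stored in
		// a question is shown as text rather than interpreted by the browser.
		$question = htmlspecialchars(mysql_result($result,$i), ENT_QUOTES);
		$return .= '<option value="' . ($i+1) . '">' . $question . "</option>";
	}
	$return .= "</select>";
	return $return;
}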
?>
